Cyber threats should be a major focus for aviation

06 Apr 2011

Doug Nancarrow

According to a local expert, the globalisation of the Australian Aviation sector poses significant threats for system security.

Australia-based Pure Hacking says that developments in Information Warfare have dramatically increased the threat of the next generation of malware and industrial espionage performed by rogue employees within airlines and airports.

According to Ty Miller, Chief Technology Officer with the company, the penetration of computer networks from both external and internal rogue employees is in line with global trends.

“There is no doubt that targeted hacking attacks are on the rise, however sophisticated conspiracies to steal data and takeover networks from either nation state, terrorist or individual are occurring more rapidly across the board in every industry.

"The issue with the Aviation sector is that it implicitly relies on systems that require a highly secure, safe environment.”

Speaking at last week's AVSEC 2011 in Canberra, Miller explained the depth of compromise found when recently performing a scheduled penetration test against an airline network in the aviation industry.

"With literally thousands of machines or devices accessible, I only needed to hack one to begin escalating my privileges that resulted in complete compromise the airline’s environment. This included capturing credit cards, documents, plans, communications and databases.”

" For the future, cyber-threats will be more diversified a nd take the form of multi-stage and multi-dimensional attacks that utilise and target a variety of attack tools and technologies.

" For example, the latest generation of web worms uses a variety of different 0-day exploits, propagation methods, and payloads to inflict physical damage.”

Miller also said that every day business scenarios were experiencing attacks from foreign country individuals or government, terrorists and corporate competitors.

“The world has already experienced major aviation manufacturers losing data to foreign countries in a corporate espionage attack. And last year a nuclear program in the Middle East was compromised without any direct internet connection required. The stereotypical Die Hard 2 airport attack where aircraft controls can be taken over is no longer just a movie script. It’s an actual reality,” he concluded.